UNPKG

dependency-guardian

Version:

A powerful dependency management and analysis tool for Node.js projects

github.com/1oridevs/Dep-Guard

1oridevs/Dep-Guard

92 lines (79 loc) 2.64 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
const semver = require('semver'); const logger = require('./logger'); const { ValidationError } = require('./errors'); class DependencyValidator { constructor() { this.rules = { maxDependencies: 150, maxDevDependencies: 50, allowedVersionPrefixes: ['^', '~', '>='], blockedPackages: [], requiredPeerDependencies: {} }; } async validateDependencies(packageJson, options = {}) { const issues = []; const { dependencies = {}, devDependencies = {}, peerDependencies = {} } = packageJson; // Check dependency counts if (Object.keys(dependencies).length > this.rules.maxDependencies) { issues.push({ type: 'limit', level: 'warning', message: `Too many dependencies (${Object.keys(dependencies).length} > ${this.rules.maxDependencies})` }); } // Validate version formats for (const [name, version] of Object.entries(dependencies)) { const versionIssues = this.validateVersion(name, version); issues.push(...versionIssues); } // Check for blocked packages const allDeps = { ...dependencies, ...devDependencies }; for (const blocked of this.rules.blockedPackages) { if (blocked in allDeps) { issues.push({ type: 'security', level: 'high', message: `Package "${blocked}" is blocked by policy` }); } } // Validate peer dependencies for (const [name, required] of Object.entries(this.rules.requiredPeerDependencies)) { if (dependencies[name] && !peerDependencies[required]) { issues.push({ type: 'peer', level: 'warning', message: `Package "${name}" requires peer dependency "${required}"` }); } } return issues; } validateVersion(name, version) { const issues = []; // Check version format if (!semver.validRange(version)) { issues.push({ type: 'version', level: 'error', message: `Invalid version format for "${name}": ${version}` }); return issues; } // Check version prefix const prefix = version.match(/^[\^~>=]+/)?.[0]; if (prefix && !this.rules.allowedVersionPrefixes.includes(prefix)) { issues.push({ type: 'version', level: 'warning', message: `Package "${name}" uses disallowed version prefix: ${prefix}` }); } return issues; } setRules(newRules) { this.rules = { ...this.rules, ...newRules }; } } module.exports = new DependencyValidator();